NSA uses Windows error reports to spy on civilians

Every Windows user knows that irritating post-crash message: "The system has recovered from a serious error. A log of this error has been created. Please tell Microsoft about this problem." Below the message, the options: "Send Error Report" or "Don't Send".

Many users click "Send" without thinking any more about it. "Sure," they think. "Why not help Microsoft fix this bug?"

Here's why not: new reports leaked by Edward Snowden suggest that the American National Security Agency (NSA) has even been spying on our Windows error reports in order to gain information about our systems.

And the worst thing? It isn't even that hard. For error dumps that contain any potentially personal information, Microsoft encrypts its reports, but for the more mundane kind, the messages are transmitted unencrypted and out in the open.

That isn't to say there's not still a horde of useful information being passed in these reports. Information on your operating system, what software you run, when it crashes, and which programs aren't working properly is gift-wrapped in this smorgasbord of valuable system information. The reports even contain information on when a USB or PCI device is plugged in. All of this could prove extremely useful when tailoring a specific attack against a system, or designing a trojan to infect it.

The operation appears to be conducted by Tailored Access Operations (TAO), the NSA's top operative unit, and the one most often used to infiltrate the computers of enemies of the United States.

The inventive spying techniques are giving the NSA something to laugh about, at least.

In one internal graphic, they replaced the text of Microsoft's original error message with one of their own. "Sigint" stands for "signals intelligence."

An internal presentation suggests that the NSA's powerful XKeyscore spying tool is used to filter Microsoft's unencrypted crash reports from the enormous ocean of Internet traffic.

According to the presentation, the reports are a "neat way" to gain "passive access" to a machine. Passive access is a term used to describe access to all data that a computer sends out to the Internet, without any internal malware compromising the system.

Update: When approached by ITProPortal, Microsoft spokespeople issued the following statement:

"Microsoft does not provide any Government with direct or unfettered access to our customer's data. We would have significant concerns if the allegations about Government actions are true. Regardless, we continue to review our encryption technologies and practices."

The company also directed concerned users to their "Microsoft on the Issues" blog, where they discussed government surveillance in early December.